Attackers have shifted from one-off breaches to long-term occupation, exploiting control panels, kernels, CI/CD pipelines, and SaaS sessions to push trusted commits and live inside environments. This recap highlights active exploitation of cPanel (CVE-2026-41940) and the Copy Fail Linux kernel bug (CVE-2026-31431), ongoing supply-chain campaigns by TeamPCP, new backdoors and ransomware flaws, and urgent recommendations to patch, secure pipelines, and tighten SaaS access.
Key points
- A critical cPanel/WHM flaw (CVE-2026-41940) is being actively exploited, enabling authentication bypasses and site wipes.
- Copy Fail (CVE-2026-31431) is a reliable Linux kernel local privilege escalation that can escape containers and leaves no disk traces.
- TeamPCP is compromising open-source packages and weaponizing CI/CD pipelines to push poisoned releases under legitimate identities.
- Cordial Spider and Snarky Spider use vishing to bypass MFA and gain persistent access to SaaS environments with minimal forensic trails.
- Researchers disclosed a GitHub RCE (CVE-2026-3854) and VECT 2.0 ransomware flaws, underscoring the urgent need for rapid patching and credential rotation.
Read More: https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html